Running containers inside VMs in multitenant scenarios is so common that Google though of inventing gVisor which you can think of as a highly paravirtualized guest OS that is lighter than a full VM but still based on similar virtualization principles for isolation.